[bug-notifications] [nrpe 0003939]: NRPE installation instructions urge to use inetd for tcp_wrappers

Mantis Bug Tracker noreply at opencsw.org
Tue Oct 13 08:20:54 CEST 2009 

A NOTE has been added to this issue. 
====================================================================== 
http://www.opencsw.org/bugtrack/view.php?id=3939 
====================================================================== 
Reported By:                alexs77
Assigned To:                ja
====================================================================== 
Project:                    nrpe
Issue ID:                   3939
Category:                   regular use
Reproducibility:            have not tried
Severity:                   tweak
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             2009-10-05 14:32 CEST
Last Modified:              2009-10-13 08:20 CEST
====================================================================== 
Summary:                    NRPE installation instructions urge to use inetd for
tcp_wrappers
Description: 
The NRPE installation instructions strongly urge, that tcp_wrappers should
be used to protect the installation. For this, it's written that inetd
should be used.

Right now, nrpe is launched as a standalone daemon.

So that nrpe can be launched from inetd, the following line should be
appended to /etc/services:

nrpe    5666/tcp

And to make inetd start/stop nrpe, add this line to /etc/inetd.conf:

nrpe stream tcp nowait nagios /usr/sfw/sbin/tcpd /opt/csw/bin/nrpe -c
/opt/csw/etc/nrpe.cfg -i

On Solaris 10, that line should be written to some temporary file and then


inetconv -i $temp_file_with_inetd_line

is to be invoked.

After that, it might be a good idea to enable TCP_WRAPPER support; on
Solaris 10, do:

inetadm -m svc:/network/nrpe/tcp:default tcp_wrappers=TRUE

For Solaris 8 & 9:

         tcp_wrappers  is  equivalent  to  the  previous  inetd's
         /etc/default/inetd property ENABLE_TCPWRAPPERS.

So that inetd is able to start nrpe, the $HOME directory of the user
starting nrpe (ie. "nagios") has to exist; IOW: /opt/csw/nagios must exist.
On a host which only has nrpe (and maybe nagios-plugins) installed, that's
not the case.
====================================================================== 

---------------------------------------------------------------------- 
 (0006854) alexs77 (reporter) - 2009-10-13 08:20
 http://www.opencsw.org/bugtrack/view.php?id=3939#c6854 
---------------------------------------------------------------------- 
ja,
thanks a lot!

What further investigation? :) If nrpe is started standalone, then
tcp_wrapper isn't used. If started using inetd, then tcp_wrapper can be
used (depending on the configuration of the inetd, of course).

More information about the bug-notifications mailing list